Evolving Privacy Laws

As of January 1, the California Consumer Privacy Act (“CCPA”) is now live, and the patchwork of privacy regulations (including Europe’s General Data Protection Regulation (“GDPR”) and various state rules and proposals) continues to challenge businesses across the country to audit their own handling of data.

Importantly, *at this time* while CCPA is NOT limited to California-based companies, it only comes into play for those companies with gross revenues exceeding $25 million or those in the business of transacting consumers’ personal information (either deriving more than half of its annual revenues from selling personal information (“PI”) or otherwise buying, selling, receiving, or sharing the PI of 50,000 or more consumers, households, or devices for commercial purposes). As this law has just gone into effect (and still has many drafting ambiguities), we expect more guidance to follow before full enforcement begins this summer.

Likewise, GDRP applies to American businesses, but (at this time) only to the extent they handle the identifiable information of Europeans.   TMF never objects to erring on the side of caution (with protections such as cookie notices and comprehensive data privacy policies), and we are available to assess your company’s specific needs as these laws evolve.